
tkrotchko writes "In a story published by Technology Review, researchers have demonstrated multiple times that they can bypass the security of wireless entry and ignition systems to take a car without the owner's permission. As researchers in the article point out, car security systems will begin to have a real impact on everyday use if a thief can simply walk up to your car and drive it away. Although this article is light on technical details, a companion article shows how the researchers accomplished the security bypass. An interesting read, and certainly something that will no doubt be the subject of a new movie any day now."

Kind of like the "security bypass" - it talks about a completely unrelated hack on the TPMS... unless it disappeared before I read it. (I'm talking about the "companion article [technologyreview.com]").

Why didn't they just use a standard passive RFID setup? They're not making money selling batteries to customers... I'm confused.

If on the other hand the key has enough power to transmit its signal 100 meters (passive RFID can't do that) then it has enough power to have a real PKI. But I don't think that'

Ross Anderson's security engineering textbook discusses this problem, as well as how cryptographic systems like Keeloq might be attacked, and some other related topics. I am going to guess, though, that the manufacturer's view is that a thief with the technical skills needed to take advantage of these vulnerabilities is rare (not saying I necessarily agree) and that most thieves will just smash the window and try to steal the radio before the cops arrive (do people still steal car radios?).

The problem with the manufacturer's view(banks seem to approach ATM skimmers with the same naivete) is that it only takes somebody with technical skills to do the actual cryptoanalysis, followed by some opportunist with a shady supply chain to "productize" the hack into something that you'll be able to buy over the internet for a few hundred or thousand dollars and operate with about as much difficulty as the average MP3 player...

Obviously, if every thief had to make his own tools, the intersection between people who can analyze novel(if flawed) cryptosystems and then build attack hardware that puts out sufficiently clean RF output exploiting whatever vulnerabilities exist and the people who steal cars for a living is pretty much zero. Stealing cars just isn't lucrative enough, unless times are very hard for engineers of reasonable talent.

That isn't the way it works, though. The guys doing the break-n'-grab are just peons using tools created by others(apparently, with ATM skimmers, there are even "franchise" style setups, where you get access to the hardware in exchange for uploading a percentage of your skims to your sponsor...) And, building sophisticated electronic tools is a perfectly fine business, definitely worth the time of talented people, particularly ones in locales with weakish rule of law and relatively low local wages...

Analyzing a system's security by saying "eh, how many carjackers are cryptoanalysts?" is sort of like dismissing the risks of a bad neighborhood by saying "Eh, how many muggers are machinists and gunsmiths?" It is true that the answer is "Not many, possibly zero"; but that won't exactly keep you from getting shot.

Exactly. It's basically the DRM problem all over again. Companies spend money to build DRM under the assumption that 99.99% of people won't have the ability to crack it, forgetting that it only takes one to put it on BitTorrent, at which point it doesn't matter that the other thousand folks couldn't crack it. The only difference is that at least with car alarms, you aren't trying to keep your actual customers from getting the key data from their dongles. (Well, knowing the automakers, they probably are,

First, I'm not saying that the problem is like DRM from a crypto perspective. In fact, I thought I made that pretty clear when I said that at least the automakers aren't trying to keep the shared secret from their customers. The point was that any weak crypto has the same inherent flaws as DRM (for different reasons)---that once broken by one person, it is broken for everyone.

In this specific case, though it is even more like DRM in that the flaw is not the crypto itself. It could be perfect and the syst

This attack had nothing to do with the cryptography used, and would succeed regardless of how the keys are cryptographically secured. Keeloq and 4096-bit RSA would both fail equally.

The attack concept was very simple: extend the range of the normal keyfob RF communications with a pair of radio repeaters, one of which is presented to the car as a surrogate, and the other is hidden near the victim's real key fob (perhaps a disguised repeater is hidden in their shopping cart while they were in a store.)

The problem isn't just that they can get into the car easily, it's that they can get in the car, start it, and drive away.

Stealing cars used to be easy. There were no fancy electronic keys like we have now, no steering locks like now. All you had to do was open the hood, run a wire from the battery to the coil, and short two terminals on the starter, get in, and drive away.

The same is probably true for Near Field Communications being developed for financial transactions, such as in the Nexus S smart phone. (In fact that is just about the only reason the Nexus S exists; in all other respects it is a pretty standard Samsung phone.)

Keyless entry and NFC simply do not have the security layer in place for the tasks that are being asked of them.

But when everything moves into your phone, keys, credit cards, and passwords, better security layers will have to be developed.

No, this wasn't a glaringly obvious attack, as it's incorporating a new attack idea to thwart defenses proposed by Ross Anderson after he demonstrated a similar attack on contactless credit cards a few years ago.

This was not a classic "man in the middle" attack, where the MITM has to pretend to be one end or the other. This was a "stretching the wireless attack". By using a pair of radio repeaters, the attackers were able to have one end next to the car, with an accomplice near the person with the keys.

Off the top of my head I'd say yes, if you have a big enough sledgehammer.

More seriously, while I know nothing about how these work, I would assume there is some kind of antenna receiving the fob's signal. Finding and either disconnecting or isolating the antenna is another story.

Oh okay. Mine's lying in my sock drawer, never been used. So any thief would never be able to use a transmitter to record its code (unless they broke into my house and stole it). The reason it's in my drawer is because I don't like the bulk of those fobs sitting in my pocket.

Short answer is, yes. Longer answer is: it depends on the car manufacturer. My parents got a car with one of the wireless fobs as an occasional-drive car; the problem is the receiver for the fob drains the battery a good 80% quicker with it on, so the manufacturer put a button under the dash near the bottom of the steering column that, when pushed and held for a certain time, disables the receiver in the car. Ostensibly, it's a power save feature; however, I view it as a security feature as well, since the physical ke

I had a Porsche 911 a few years back with a fob as a key replacement. If the fob was within a few feet of the car, the doors were unlocked, and automatically locked when it wasn't. If the fob was inside the car, the engine could be started with the push of a button, otherwise not. Of course there was a key as well, either for a valet or emergency backup.

Apparently my mother in law used to have a Civic with keyless entry... in a small town of <30,000 there was another Civic of the exact same color which used the same code.

They found out one time at the mall that they could each open the other's car.

I bet there's not nearly enough uniqueness and security in these things.

Last week I drove a friend's late-90s Nissan in Mountain View. It's got a plain old mechanical key. On my way out of a store I walked up to a sedan of the same color, unlocked it, and then realized it wasn't even a Nissan. I confirmed that the key worked by locking it again from the outside before fleeing a couple aisles to the correct car.


In true slashdot fashion I shall pontificate without RTFA. Sounds like the wireless key designers have just carried over the mentality from the mechanical key designers here - a couple of hundred, maybe thousand, different key patterns distributed semi-randomly over millions of cars gives you pretty good security because testing any particular key on any particular car is a physical act with lots of manual overhead. But with wireless keys it can all be automated - you can even test multiple cars simultane
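The two posts above (the Civic that shared a code with another Civic in a town of under 30,000, and the point that wireless keys let you test many cars at once) both come down to the size of the code space. Here is an added worked example, not code from the article or from any manufacturer, that puts numbers on them: the birthday-problem chance that two cars share a fixed code, and the expected number of broadcast transmissions before the first car in a lot opens when every car hears every code. All code-space sizes, fleet sizes and rates are assumptions chosen for the illustration.

```python
"""Code-space arithmetic for fixed-code wireless keys.  Added illustration;
the code-space sizes, fleet sizes and transmission rates below are assumptions
for the example, not figures from the article or from any vehicle."""
import math


def collision_probability(code_space: int, cars: int) -> float:
    """Birthday problem: probability that at least two of `cars` vehicles were
    issued the same code, codes drawn uniformly from `code_space` values.
    The product of 'all distinct so far' terms is taken in log space so large
    fleets do not underflow to zero."""
    if cars > code_space:
        return 1.0
    log_all_distinct = sum(math.log((code_space - i) / code_space) for i in range(cars))
    return 1.0 - math.exp(log_all_distinct)


def expected_transmissions_until_first_open(code_space: int, cars: int) -> float:
    """The electronic version of 'try every key': an attacker broadcasts codes
    0, 1, 2, ... in order and every car in range hears every one.  Expected
    number of transmissions before the first car opens is E[min(code_i)] + 1
    over `cars` independent uniform codes, computed exactly as the sum over m of
    P(min >= m)."""
    if cars <= 0:
        return float("inf")
    return sum(((code_space - m) / code_space) ** cars for m in range(code_space))


def seconds_until_first_open(code_space: int, cars: int, codes_per_second: float) -> float:
    """Wall-clock estimate for the broadcast search at a given transmit rate."""
    return expected_transmissions_until_first_open(code_space, cars) / codes_per_second


def manual_seconds_for_one_car(code_space: int, seconds_per_try: float) -> float:
    """The mechanical-key version: each try tests one code against one car by
    hand, so on average half the space must be walked through for a single car."""
    return (code_space + 1) / 2 * seconds_per_try


if __name__ == "__main__":
    # Constructed scenario: a 12-bit fixed code (4096 values) and a few hundred
    # cars of one make in a small town.
    space = 4096
    for fleet in (2, 50, 100, 300):
        print(f"{fleet:4d} cars, {space} codes: P(shared code) = "
              f"{collision_probability(space, fleet):.3f}")
    # Parking lot of 50 such cars, attacker sending 10 codes per second.
    lot, rate = 50, 10.0
    print(f"broadcast to {lot} cars: first open after ~"
          f"{expected_transmissions_until_first_open(space, lot):.0f} codes, "
          f"{seconds_until_first_open(space, lot, rate):.0f} s at {rate} codes/s")
    # Versus trying cut keys by hand at one code per 10 s against one car.
    print(f"manual, one car: ~{manual_seconds_for_one_car(space, 10.0) / 3600:.1f} h")
```

The collision figure is what the Civic story is about: with a few thousand codes, a town with a few hundred cars of one model is almost certain to contain a duplicate pair. The broadcast figure is what the "test multiple cars simultaneously" post is about: the attacker's cost is divided by the number of cars listening, which a physical key can never do.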

The keys rely on proximity. What the "attackers" did was to provide a boost to the signals sent out by the car, causing the key to respond at much larger distances from the car than normal. The near-proximity requirement only works one way (from the car to the key), so the key will respond to the boosted signals and the car will pick up the reply if the key is within 100 meters. This attack would allow a key inside a house to unlock and start a car on the driveway.

Even the manual way is susceptible to an old attack -- tryout keys. These are keys that are cut with patterns that usually tend to work on most vehicles.

I wish STRATTEC and other vehicle lock makers would change the physical lock's keyway every 2-3 years. This would cut down on people's keys randomly fitting other vehicles. Other features can be added (such as those found in Evva-Inox's keys) without sacrificing the reliability an automotive lock has to have.

Last week I drove a friend's late-90s Nissan in Mountain View. It's got a plain old mechanical key. On my way out of a store I walked up to a sedan of the same color, unlocked it, and then realized it wasn't even a Nissan.

Yeah, my Lancia key used to work in my friend's Ford door locks. Then again, a screwdriver did too.

I guess it is possible, but it is human error; nothing else. I acquired certifications for 25+ sales people and finance managers at a dealership that sold 4 different manufacturers' lineups. It is possible to sync those keyfobs to two vehicles, as the keyfob itself is the actual authenticator to unlock the vehicle in the communication between car and keyfob; the car just authenticates that, "yes, you have sync'd me to this key before." Unlocking two cars with the same keyfob, regardless of whether or not it is a proximity fob with a continuous signal or a regular old push-button-to-unlock fob, is only a matter of sync'ing both cars to that fob. It just means at some point in time, there was a cruddy mechanic who didn't decide to wipe the key because, "woops, I just sync'd this key to the wrong car... I wonder what I need to do." They leave the car to go ask someone, and then discover the key is still opening the car it belongs to. Works for them.
Those keys didn't come from the OEM ready to open both cars. No way, no how.

This may become a problem for high-end cars. But to be honest, lower to middle class folks typically only go so far as wireless entry. You still have to get the ignition going in these cases. Those systems have already been exploited, and yet most car thieves still simply resort to smashing or picking something. Tech overhead on low end crime doesn't usually work well.

You do realize Nissan is selling keyless ignition systems on their Sentra model line, right? A $20,000 car isn't that much, but you can get one of these systems. (I know I love the convenience of mine, but I do wonder about the risks.)

I drive a stick. I expect most car jackers today will manage to get maybe three feet away.

More seriously, this really isn't a big deal. Car thieves use much faster and cruder methods, like hammering a screwdriver into the lock, or just break the window. Car alarms are a joke, too. When was the last time you heard somebody's car alarm go off that wasn't due to a big truck running by, or a dog brushing up against it, or kids throwing rocks?

Exactly. The people capable of this are able to get jobs that pay much better than stealing cars, and there won't be easy-to-use tools for the idiot thieves to use, because simply selling criminal tools is a crime, again keeping the skilled people out of the market.

That's really weak. That's barely a security hole at all. Someone has to be near me to have a system to talk to my car key?

Also, the explanation article isn't an explanation at all; it talks about tire pressure monitoring systems and how to spoof readings from those to the dash. It also makes the mistake of saying that the TREAD Act requires you to have a wireless tire pressure monitoring system. That's not true at all; the requirements for tire pressure monitoring can be met completely passively by monitoring the effective circumference of the tire (rotation speed), and that is done in many makes.

Exactly. They were flipping out about this on some car forums a few weeks back (yeah,/. is behind the curve here) but I don't really see the issue. First off, TPMS monitors receive three kinds of signals: "This is my ID," "This is the tire pressure," and "Error."

It's not like you can send a "shut off the motor" signal through TPMS. It's not set up to receive that (and would therefore just drop it as junk data) and even if it were, it's not set up to carry out the command. At best on some of the better car

The concern about TPMS isn't about hacking your car, it's about tracking it. The premise being that if you deploy a bunch of receivers that listen for "This is my ID" from the TPMS, you can track everyone's vehicle.

It's not like you can send a "shut off the motor" signal through TPMS.

Some of the people hacking TPMS claim to have been able to send a 'completely brick the TPMS control unit' signal through TPMS from a hundred yards away with a directional antenna. If the firmware is that poorly written, it's unlikely but not inconceivable that they could make the TPMS unit send out crap that would interfere with the operation of other components.

And, either way, most people wouldn't be too happy about having to buy a new TPMS control unit because someone sent bad data to it.

The vulnerability is that the system depends on proximity but does nothing to verify proximity, it merely assumes that the presence of a recognizable signal implies proximity of a valid security token.

The exploit is to create a wormhole in proximity space, bringing the transmitted signal closer to the receiver space even though the transmitter space is far, far away, without making the transmitter traverse the Euclidean space in between.
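The posts above (the two-repeater description, the "stretching the wireless" post, the "boost the car's signal" post and the "wormhole in proximity space" post) all make the same point: the crypto can be perfect and the relay still works, because the car checks who answered but never checks how far away the answer came from. Here is an added worked example, not code from the article or from any vehicle, that runs a sound HMAC challenge-response over a direct path and over a 100 m repeater path, and shows that only a round-trip-time bound (the car refusing answers that arrive later than a nearby fob could physically manage) tells the two apart. The secret key, the 2 m accepted range, the fob processing time and the per-repeater delay are all constructed assumptions for the illustration.

```python
"""Relay ("wormhole") attack on a proximity keyless-entry exchange, and the
round-trip-time distance bound that catches it.  Added illustration, not code
from the article or from any vehicle: the key, the timings and the accepted
range are constructed assumptions."""
import hashlib
import hmac
import secrets

LIGHT_M_PER_NS = 0.2998          # radio propagation: roughly 30 cm per nanosecond
FOB_PROCESSING_NS = 50.0         # assumed fixed time for the fob to compute its answer
SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed demo key


class KeyFob:
    def __init__(self, secret: bytes) -> None:
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        # Sound challenge-response: a fresh nonce every time, so replay fails.
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


class Car:
    def __init__(self, secret: bytes, max_range_m: float = 2.0) -> None:
        self._secret = secret
        # Longest round trip a fob within max_range_m could produce:
        # radio out and back, plus the fob's fixed processing time.
        self.max_rtt_ns = 2 * max_range_m / LIGHT_M_PER_NS + FOB_PROCESSING_NS

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # What the vulnerable system checks: is this answer from the right key?
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

    def verify_distance_bounded(self, challenge: bytes, response: bytes, rtt_ns: float) -> bool:
        # Same check, plus: did the answer come back fast enough to be nearby?
        return self.verify(challenge, response) and rtt_ns <= self.max_rtt_ns


def exchange(car: Car, fob: KeyFob, path_m: float, extra_delay_ns: float = 0.0):
    """One challenge/response over a one-way radio path of path_m metres.
    Returns (accepted by plain check, accepted by distance-bounded check)."""
    challenge = car.challenge()
    response = fob.respond(challenge)          # the fob answers whatever it hears
    rtt_ns = 2 * path_m / LIGHT_M_PER_NS + FOB_PROCESSING_NS + extra_delay_ns
    return car.verify(challenge, response), car.verify_distance_bounded(challenge, response, rtt_ns)


def direct(distance_m: float = 1.0):
    """Owner standing next to the car."""
    return exchange(Car(SECRET), KeyFob(SECRET), distance_m)


def relayed(car_to_repeater_m: float = 0.5, repeater_link_m: float = 100.0,
            repeater_to_fob_m: float = 0.5, repeater_delay_ns: float = 20.0):
    """One repeater at the car, the accomplice's repeater next to the fob 100 m
    away.  The repeaters copy the bits unchanged, so the HMAC is still right; each
    repeater adds repeater_delay_ns per pass (assumed; real hardware varies), and
    the signal crosses both repeaters twice (challenge out, response back)."""
    path_m = car_to_repeater_m + repeater_link_m + repeater_to_fob_m
    return exchange(Car(SECRET), KeyFob(SECRET), path_m, 4 * repeater_delay_ns)


def wrong_fob():
    """A fob holding a different secret: this is the case the crypto does reject."""
    return exchange(Car(SECRET), KeyFob(b"some other key"), 1.0)


if __name__ == "__main__":
    print("direct, 1 m      (plain, bounded):", direct())
    print("relayed, 100 m   (plain, bounded):", relayed())
    print("wrong key, 1 m   (plain, bounded):", wrong_fob())
```

The plain check accepts the relayed exchange because the relay never touches the bits, exactly as the posts above say: Keeloq, AES or 4096-bit RSA in the fob would all give the same result. The distance-bounded check rejects it on physics alone: 100 m of extra path is several hundred nanoseconds of round trip, far more than a fob within 2 m could take, before any repeater latency is counted. That is the "verify proximity, don't assume it" fix the wormhole post is pointing at; doing it for real needs a radio whose timing is tight to a few nanoseconds, which the ordinary LF/UHF fob exchange does not provide.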

Does the line "car security systems will begin have a real impact to every day use if a thief can simply walk up to your car and drive it away" seem to imply car thievery is a new thing? Thieves have been stealing cars since you had to hand crank the engine. Sure the techniques in 1911 were different from the techniques in 2011, but this is a bit hysterical, isn't it? Criminals are always getting better than security, which leads to better security, which leads to more cunning thieves, like any living syste

The article doesn't say which models and brands were attacked. I'd be curious to see which ones they got.

These keys are certainly extremely useful. The key on mine detects if it's inside or outside the car, and can even open the trunk if I touch a button by the tail lights. The fact that the manufacturers haven't considered the security ramifications of these keys is unsettling.

From the description, this seems to be a variation on the standard man-in-the-middle attack. These manufacturers should know bet

No, no, no... "stealing" is taking without permission. "Copyright infringement" is setting fire to someone's house, kicking their puppy, selling their child off for medical research, punching them in the nose, and then taking something without permission.

I think you need to be a little switched on to know and try this sort of stuff in the first place. Which means you can probably either get an acceptable paying job (at least, better paid than burger flipping) with zero risk of going to jail, or perhaps a higher paying and ethically dubious occupation but with less risk there too. Like an "opportunistically pricing" mechanic, for example. He may charge a woman $500 for changing a spark plug but he's not going to go to jail for it.

This patent presents a locking system for automotive vehicles that can not be snooped by a nearby wireless hacker. This approach eliminates the need for problem-prone wireless receivers and transmitters, whose signal can easily be captured by a third party in the vicinity. This device presents an opening in the door of about 2mm x 5mm and requires the use of a specifically shaped piece of metal. This piece of metal would be unique to each owner. Activation and deactivation is accomplished by a rotational action in either clockwise or anti-clockwise directions.

This patent is truly ground-breaking since it eliminates the need for an electronic system to function.

I can find no fault nor prior art with regards to your patent application. Your application is hereby approved. Please note that on the way out the door intent to sue forms are on your left, and a directory of lawyers on your right. For your convenience, we have also supplied a list of the largest companies that may be possible targets for your legislation. Thank you for visiting the Lawsuit-o-matic Patent Office, and have a nice day.

approach to fighting vehicle theft. Your idea will not work. Here is why it won’t work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Thieves can easily use it to harvest spare change
( ) Remote starts and other legitimate email uses would be affected
( ) No one will be able to find the guy or colle

The morning news in SF Bay Area showed home security footage of someone just walking up to a supposedly locked up car (Toyota) and looting it without using a key or smashing windows. Apparently there has been a bunch of car robberies of this nature around the Bay Area.

There are other ways to pop open cars. Take the slim jim for example. Even if that doesn't work, the metal on car doors is thin, so someone using a screwdriver to peel back the metal around the door handle, or perhaps punch the door handle in to be able to pull on the locking rod. This is why there are third party reinforcing plates sold (Jimmi Jammer) to protect against exactly that.

Other than adding heavy gauge containers (either bolting or even welding them down), it is almost impossible to stop smash

False dichotomy: Criminals want to steal your car or they don't.
Tautology: If they are going to steal it, then they are going to steal it.

The decision to commit a crime is relative to the reward of the crime and the risk of getting caught. If the risk is low enough in relation to the value of the crime, then the criminal will commit the crime. If it's not, and there's no mitigating circumstances, the criminal will not commit the crime.

Make your car as difficult as possible to be stolen and your car will be

If this technology became more commonplace, and car theft became as easy as downloading an app for your iPhone,
we may have to reverse our slogans.
Start an anti car-theft promotion,
You wouldn't download a song would you?

The companion article talks about something entirely different, namely security issues with wireless Tire Pressure Monitoring Systems. Neither the main article nor the "companion" article talk about the TPMS hack having anything whatsoever to do with vehicle theft or sabotage at the current time.

Are they making cars without steering-wheel locks requiring physical keys now? I thought it was federal law that you couldn't do that--but maybe that was just an assumption.

I have remote door locks and remote start, but getting into the car isn't that hard anyway (Brick authorized entry works as well as it always has)--getting past the steering wheel lock requires SOME kind of solution...

Another potential danger of unauthorized remote auto-start is carbon monoxide poisoning of the car owner, if the car (in particular, those with traditional combustion engines) is parked near living areas, such as in an attached garage.

Do cars with remote auto-start have safety features to prevent it from being misused, such as excessive idling?

My solution is to put a big steel bracket around my brake pedal that would take more than a few minutes of cutting to get through before you can drive away. It doesn't prevent a determined party from taking the car if he really wants to, but it's a layer of actual physical security that prevents someone from duplicating a software key and riding away, just like it prevented someone from picking the lock and hotwiring the ignition and riding away on an older model.

An interesting read, and certainly something that will no doubt be the subject of a new movie any day now.

Yeah. But in the movie the hacker will have to maneuver around some vector graphic blocks popping up on a green laptop screen, in order to "bypass" the system.
After bypassing the last cipher "block" the screen will change to a CAD-drawing of a car highlighting various control systems. At which point the car doors will pop open (not unlock, pop open!) and the hacker will shout "I'm in!"

If any of you have ever installed a remote start on a car with a chip-in-the-key security, you'd realize this isn't that exciting or unexpected. In the earlier days of bypassing the chips in the keys, this is the exact technique we used. It was analog-to-analog too. The key was placed into a winding of wire (maybe 11 to 60 loops), one end of the loop connected to a relay. Then, at the ignition cylinder, there was another loop of wires, again typically anywhere from 5 loops to 30 loops, with one end of that

Steering column locks are a joke to a serious thief. When I was in college out of high school, my car got broken into, and the steering column smashed open. What kept the vehicle from disappearing is the fact that I put in a kill switch so it would start, but as soon as the ignition returned to "on", it would immediately stall. So, frustrated thieves would just haul ass out of there after a few failed starts.

I'm pretty sure that was staged for entertainment purposes. Most cars require that the key be *inside* the car, or very close to it in order to start. A guy sitting in a diner with a wall/window and several feet of parking space/sidewalk/restaurant between him and his car probably wasn't close enough.

How will the car know? It's the fact that the key isn't very strong that determines the range. If I get a more powerful antenna, there's no way the car could tell that it was coming from outside the car versus inside.

Why? Mechanical locks are just as vulnerable if not more vulnerable so why put up with the inconvenience? Heck thieves have been known to use flatbed wreckers to haul off cars to take them to a chop shop, disabling your keyless entry certainly isn't going to stop that!

Mechanical Locks: Walk up to car, break window or slim jim the lock (both loud when the car has an alarm), hotwire/break ignition system, try to disable the alarm, drive away.

It's the difference between using a fake ID to get into a bar and having to punch a couple of people in the face to get into the door. The latter is inherently a bit more risky and likely to draw attention.

The "inconvenience" of using a key is worth the minute effort for the s

This is one of those funny things I don't really get. I mean I am all for technology and love gadgets, but I don't see the point in putting technology into something just for the sake of putting technology into something. What ever happened to:

Does it have a valid use?
Does it improve the item in some way?
Has adding the feature still kept the product simple and intuitive?
Are the benefits going to outweigh the drawbacks?

In my books, if you answer "No" to any of those, then don't put it in. These rule

What do you mean you might not use it? Really? I think every geek dreams about being able to simultaneously set off ten thousand car alarms. It was awesome enough just being in a marching band and setting off five or six along the parade routes.

Of course, it's also easier to roll a stick shift car onto a flatbed -- shifting into neutral and disengaging the parking brake requires physical access alone, whereas shifting into neutral in a slushbox usually (right?) requires the key. Not exactly a showstopper if you're just gonna put it on a trailer, but still.